xen-users
Re: [Xen-users] domU kernel
It's funny, my test installation just got hacked. I had an idiot password for domU and somebody uploaded a suKit 1.3, and I also found traces of adding a user (www) in dom0 and trying to change paths with PATH=:.: plus doing an FTP connection from dom0 (history of root in dom0 showed "ftp hackers.home.domain").
OK, I can confirm that dom0 can be exposed to hacking by putting the kernel into domU.
Now the big question is: how can I install a CentOS domU on a CentOS dom0 and have the kernel OUTSIDE domU?
...and has somebody already installed xen-shell on a CentOS 5 dom0?
Thanks,
Robin
Christian Horn wrote:
On Sun, Oct 14, 2007 at 08:49:19PM -0400, IDAGroup - R.W.Muller wrote:
Wow, if that is true then CentOS is making a big mistake.
Nah, they probably took the pros and cons into account and then made
the same decision as suse did for SLES: put it all into the discfile.
Xen needs a bit more work than vmware, and this is a step to make the
handling of domUs simpler.
Steve Wray wrote:
You forgot the con.
cons: Security. You now have a domU in which a local exploit could
result in code being executed in dom0 at the next boot of that domU.
By the way, this actually happened. See CVE-2007-4993
Right, it's a con. Just couldn't think of it at the time of writing ;)
Christian
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
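
An added example, not part of the original thread or of any poster's code: a small audit of xm-style domU configuration files that separates guests booted through a `bootloader` line (such as pygrub, where the kernel and boot menu are read from the guest's own disk, the setup discussed above) from guests whose `kernel` is a file kept in dom0. The file names, paths and the trusted-directory list are constructed assumptions.

```python
import posixpath
import re

# Assumption for this example: guest kernels kept in dom0 live under these directories.
TRUSTED_KERNEL_DIRS = ("/boot/",)

# Constructed xm-style domU configs (names and paths are illustrative only).
SAMPLE_CONFIGS = {
    "centos-a.cfg": 'name = "centos-a"\n'
                    'bootloader = "/usr/bin/pygrub"  # kernel comes from the guest disk\n'
                    'disk = ["file:/var/lib/xen/images/centos-a.img,xvda,w"]\n',
    "centos-b.cfg": 'name = "centos-b"\n'
                    'kernel = "/boot/xen-guests/vmlinuz-domU"\n'
                    'ramdisk = "/boot/xen-guests/initrd-domU.img"\n'
                    'root = "/dev/xvda1 ro"\n',
    "centos-c.cfg": 'name = "centos-c"\n'
                    '# bootloader = "/usr/bin/pygrub"\n'
                    'kernel = "/boot/../var/lib/xen/images/centos-c/vmlinuz"\n',
}

# Top-level string assignments; lines starting with '#' never match.
ASSIGN = re.compile(r'^[ \t]*(\w+)[ \t]*=[ \t]*["\']([^"\']*)["\']', re.M)

def parse(text):
    return dict(ASSIGN.findall(text))

def classify(text):
    """Say where the boot kernel of one domU config comes from."""
    cfg = parse(text)
    if "bootloader" in cfg:
        # dom0 runs a loader over guest-written boot files at every domU start.
        return "guest-controlled"
    kernel = cfg.get("kernel")
    if kernel is None:
        return "unknown"
    path = posixpath.normpath(kernel)  # collapse '..' before comparing
    if any(path.startswith(d) for d in TRUSTED_KERNEL_DIRS):
        return "dom0-supplied"
    return "review-path"

def audit(configs):
    """Map each config file name to its classification."""
    return {fname: classify(text) for fname, text in sorted(configs.items())}

if __name__ == "__main__":
    for fname, verdict in audit(SAMPLE_CONFIGS).items():
        print(f"{fname}: {verdict}")
```
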